[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15145 Download | Alert*

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.

Netwide Assembler 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.

Netwide Assembler 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.

ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces . Specifically, it is only vulnerable in GOPATH mode, but not in module mode . The attacker can cause an arbitrary filesystem write, which can lead to code execution.

Netwide Assembler 2.14rc15 has an invalid memory write in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.

Netwide Assembler 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $and ! characters.

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a usersession remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.

An issue was discovered in zziplib-bin through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps-dev through 0.3.0because it does not reject negative return values from ag_input_stream_read call. A crafted input will lead to a remote denial of service attack.


Pages:      Start    619    620    621    622    623    624    625    626    627    628    629    630    631    632    ..   1514

© SecPod Technologies